Protect Organisation Data in Unmanaged Devices with Microsoft Defender for Cloud Apps
Kelvin Ngware
Technical Consultant at BUI || Cloud Security, Compliance & Identity || Governance, Risk & Compliance
Microsoft Defender for Cloud Apps, formerly Microsoft Cloud App Security, is Microsoft's Cloud Access Security Broker (CASB) solution. A CASB is the intermediary in charge of monitoring and security between your end users and the different cloud services they must access. This allows you to apply policies to protect and monitor access to those cloud services, such as policies to protect against data exfiltration.
Microsoft Defender for Cloud Apps (MDCA) can be used to protect organization data accessed via unmanaged devices (BYOD). With MDCA, you can onboard your Microsoft 365, G Suite, Dropbox, Salesforce, and other Software as a Service solutions. This means that users can access their email in the browser, but as the administrator you can prevent them from downloading email attachments or copying email content on their personal devices, without the need to enroll the devices in Mobile Device Management (MDM) or Mobile Application Management (MAM).
When a user attempts to copy or download an email attachment on their personal device (both PCs and phones), they will get a prompt indicating that the download action is not allowed by the organization (you can modify the notification that they receive).
This download action can also be raised as an alert to the admins for further investigation. The admin will get an email about the policy violation with the details of the policy and a link to investigate further.
The user will also get an email notifying them about the policy violation, and possibly a statement on what they can do next.
To implement this level of control on unmanaged devices, you first create a Conditional Access policy in the Microsoft Entra admin center, include the cloud apps you want to monitor and protect in the policy, and enable the session control “Use Conditional Access Policy.” Read more, including the admin experience, here: PROTECT SENSITIVE DATA IN UNMANAGED DEVICES (BYOD) WITH MICROSOFT DEFENDER FOR CLOUD APPS – Kevoh.Ninja
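Once the Conditional Access policy exists, it is worth verifying that it really routes the intended apps through Defender for Cloud Apps. The following is an added example, not code from the article: it assumes the policies have been exported as JSON in the shape of the Microsoft Graph conditionalAccessPolicy resource, and the sample export, policy names and the helper names `audit_policy` and `audit_export` are constructed for illustration.

```python
import json

# Constructed sample export. Field names follow the Microsoft Graph
# conditionalAccessPolicy resource; the policy names are made up.
SAMPLE_EXPORT = json.loads("""
[
 {"displayName": "BYOD - route O365 to MDCA", "state": "enabled",
  "conditions": {"applications": {"includeApplications": ["Office365"],
                                  "excludeApplications": []}},
  "sessionControls": {"cloudAppSecurity": {"isEnabled": true,
                                           "cloudAppSecurityType": "mcasConfigured"}}},
 {"displayName": "BYOD - pilot", "state": "enabledForReportingButNotEnforced",
  "conditions": {"applications": {"includeApplications": ["Office365"],
                                  "excludeApplications": []}},
  "sessionControls": {"cloudAppSecurity": {"isEnabled": true,
                                           "cloudAppSecurityType": "monitorOnly"}}},
 {"displayName": "MFA only", "state": "enabled",
  "conditions": {"applications": {"includeApplications": ["All"],
                                  "excludeApplications": ["Office365"]}},
  "sessionControls": null}
]
""")

def audit_policy(policy, required_apps):
    """Return findings; an empty list means the policy sends required_apps to MDCA."""
    findings = []
    state = policy.get("state")
    if state != "enabled":  # report-only or disabled policies enforce nothing
        findings.append(f"state is '{state}', so the session control is not enforced")
    apps = (policy.get("conditions") or {}).get("applications") or {}
    included = set(apps.get("includeApplications") or [])
    excluded = set(apps.get("excludeApplications") or [])
    for app in required_apps:
        if app in excluded or ("All" not in included and app not in included):
            findings.append(f"app '{app}' is not covered by this policy")
    cas = (policy.get("sessionControls") or {}).get("cloudAppSecurity") or {}
    if not cas.get("isEnabled"):
        findings.append("Defender for Cloud Apps session control is not enabled")
    elif cas.get("cloudAppSecurityType") == "monitorOnly":
        findings.append("session control is monitor-only; downloads are logged, not blocked")
    return findings

def audit_export(policies, required_apps):
    """Map each policy name to its findings."""
    return {p["displayName"]: audit_policy(p, required_apps) for p in policies}

if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE_EXPORT, ["Office365"]).items():
        print(name, "->", findings or "OK")
```

A policy with `cloudAppSecurityType` set to `mcasConfigured` passes this check, but the actual download block still has to be defined as a session policy inside Defender for Cloud Apps.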